path: root/librpc
Commit message | Author | Age | Files | Lines
* CVE-2022-37966 drsuapi.idl: add trustedDomain related ATTID values
  Author: Stefan Metzmacher, Age: 2022-12-14, Files: 1, Lines: -0/+9

  For now this is only for debugging in order to see DRSUAPI_ATTID_msDS_SupportedEncryptionTypes in the replication meta data.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit f1c5fa28c460f7e011049606b1b9ef96443e5e1f)
* CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
  Author: Andrew Bartlett, Age: 2022-12-14, Files: 1, Lines: -0/+1

  ENC_HMAC_SHA1_96_AES256_SK is a flag introduced by Microsoft in this CVE to indicate that additionally, AES session keys are available. We set the etypes available for session keys depending on the encryption types that are supported by the principal.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
  Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (similar to commit 975e43fc45531fdea14b93a3b1529b3218a177e6)
  [jsutton@samba.org Fixed knownfail conflicts]
* CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
  Author: Joseph Sutton, Age: 2022-12-14, Files: 1, Lines: -0/+1

  This matches the Windows registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit d861d4eb28bd4c091955c11669edcf867b093a6f)
* CVE-2022-37967 Add new PAC checksum
  Author: Joseph Sutton, Age: 2022-12-14, Files: 1, Lines: -1/+3

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (similar to commit a50a2be622afaa7a280312ea12f5eb9c9a0c41da)
  [jsutton@samba.org Fixed conflicts in krb5pac.idl and raw_testcase.py]
* smbXsrv_client: notify a different node to drop a connection by client guid.
  Author: Stefan Metzmacher, Age: 2022-09-06, Files: 1, Lines: -0/+1

  If a client disconnected all its interfaces and reconnects when they come back, it will likely start from any ip address returned by dns, which means it can try to connect to a different ctdb node. The old node may not have noticed the disconnect and still holds the client_guid based smbd.

  Up until now the new node returned NT_STATUS_NOT_SUPPORTED to the SMB2 Negotiate request, as messaging_send_iov[_from]() will return -1/ENOSYS if a file descriptor is passed to a process on a different node.

  Now we tell the other node to teardown all client connections belonging to the client-guid.

  Note that this is not authenticated, but if an attacker can capture the client-guid, he can also inject TCP resets anyway, to get the same effect.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Sep 2 20:59:15 UTC 2022 on sn-devel-184
  (cherry picked from commit 8591d9424371e173b079d5c8a267ea4c2cb266ad)
  Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
  Autobuild-Date(v4-17-test): Tue Sep 6 10:27:58 UTC 2022 on sn-devel-184
* samr.idl: Add samr_ChangePasswordUser4()
  Author: Andreas Schneider, Age: 2022-07-28, Files: 1, Lines: -0/+34

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samr:idl: add samr_SupportedFeatures for samr_Connect5()
  Author: Andreas Schneider, Age: 2022-07-28, Files: 1, Lines: -1/+8

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samr.idl: Add support for new AES encrypted password buffer
  Author: Andreas Schneider, Age: 2022-07-28, Files: 1, Lines: -1/+23

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* librpc:rpc: Add SAMR encryption and mac key salt definitions
  Author: Andreas Schneider, Age: 2022-07-28, Files: 1, Lines: -0/+42

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info
  Author: Joseph Sutton, Age: 2022-07-27, Files: 1, Lines: -0/+23

  This field may be used to convey whether we were provided with a TGT or a non-TGT. We ensure both structures are zeroed out to avoid incorrect results being produced by an uninitialised field.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc:ndr: Update ndr_print_debug() and add macro NDR_PRINT_DEBUG_LEVEL
  Author: Pavel Filipenský, Age: 2022-07-15, Files: 4, Lines: -6/+300

  Bumping the ABI to 3.0.0

  This is an enhancement of the NDR_PRINT_DEBUG macro with the following new features:

  * debug level can be specified (NDR_PRINT_DEBUG always uses level 1)
  * the trace header shows the location and function of the caller instead of function 'ndr_print_debug', which is not really useful.

  Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* security.idl: add missing BUILTIN SIDs
  Author: Björn Jacke, Age: 2022-06-20, Files: 1, Lines: -0/+2

  see:
  https://docs.microsoft.com/en-us/windows/win32/secauthz/well-known-sids
  https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups
  https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows

  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Jun 20 18:18:15 UTC 2022 on sn-devel-184
* spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated
  Author: Michael Tokarev, Age: 2022-06-10, Files: 1, Lines: -1/+1

  Tree-wide spellcheck for some common misspellings.

  source3/utils/status.c has misspelled local variable (unkown_dialect).

  "missmatch" is a known historical misspelling, only the incorrect misspellings are fixed.

  source3/locale/net/de.po has the spelling error (unkown) in two msgids - it probably should be updated with current source.

  Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert InitConnection from struct based to NDR based
  Author: Samuel Cabrero, Age: 2022-05-19, Files: 1, Lines: -0/+16

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert winbindd_dual_pam_chauthtok() from struct based to NDR based
  Author: Samuel Cabrero, Age: 2022-05-19, Files: 2, Lines: -2/+13

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert winbindd_dual_pam_chng_pswd_auth_crap() from struct based to NDR based
  Author: Samuel Cabrero, Age: 2022-05-19, Files: 1, Lines: -0/+11

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert PamLogOff from struct based to ndr based
  Author: Samuel Cabrero, Age: 2022-05-19, Files: 1, Lines: -0/+9

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc:idl: Add NDR_SECRET flag for ntlm and challenge blobs
  Author: Samuel Cabrero, Age: 2022-05-19, Files: 1, Lines: -3/+3

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Convert PAM_AUTH_CRAP from struct based to NDR based
  Author: Samuel Cabrero, Age: 2022-04-30, Files: 1, Lines: -0/+21

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc:idl: Add comments to assert identity string in security.idl
  Author: Stefan Metzmacher, Age: 2022-04-13, Files: 1, Lines: -0/+11

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:winbind: Convert PamAuth from struct based to NDR based
  Author: Samuel Cabrero, Age: 2022-04-08, Files: 1, Lines: -0/+22

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: remove itime and file_id logic and code
  Author: Ralph Boehme, Age: 2022-03-31, Files: 1, Lines: -0/+7

  This bases File-Ids on the inode numbers again. The whole stuff was added because at that time Apple clients

  1. would be upset by inode number reusage and
  2. had a client side bug in their fallback implementation that assigns File-Ids on the client side in case the server provides File-Ids of 0.

  After discussion with folks at Apple it should be safe these days to rely on the Mac to generate its own File-Ids and let Samba return 0 File-Ids.

  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbind: Return NTSTATUS from wbint_Ping() RPC function
  Author: Samuel Cabrero, Age: 2022-03-25, Files: 1, Lines: -1/+1

  There are no users of this function but the next commit will convert the struct-based WINBINDD_PING call to a local RPC wbint_Ping() call.

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* sddl: Add new SDDL SID strings
  Author: Joseph Sutton, Age: 2022-03-17, Files: 1, Lines: -0/+28

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* sddl: Fix incorrect SDDL SID strings
  Author: Joseph Sutton, Age: 2022-03-17, Files: 1, Lines: -0/+2

  Change the values to match those used by Windows.

  Verified with PowerShell commands of the form:

      New-Object Security.Principal.SecurityIdentifier ER

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:winbind: Convert ListTrustedDomains parent/child call to NDR
  Author: Samuel Cabrero, Age: 2022-03-06, Files: 2, Lines: -2/+8

  By using NDR we avoid manual marshalling (netr_DomainTrust array to text string) and unmarshalling (parse the received text string back to a netr_DomainTrust array).

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns.idl/dnsp.idl: add missing DNS resource record types
  Author: Björn Jacke, Age: 2022-02-16, Files: 2, Lines: -1/+26

  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Feb 16 20:43:55 UTC 2022 on sn-devel-184
* dnsp.idl: add missing DNS_RPC_RECORD defines
  Author: Björn Jacke, Age: 2022-02-16, Files: 1, Lines: -0/+2

  taken from MSDN 2.2.2.2.5: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/ac793981-1c60-43b8-be59-cdbb5c4ecb8a

  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* ndrdump: Small simplification
  Author: Volker Lendecke, Age: 2022-02-11, Files: 1, Lines: -4/+3

  Remove the talloc_steal(), we can allocate on mem_ctx directly

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
  Author: Stefan Metzmacher, Age: 2022-01-24, Files: 1, Lines: -1/+4

  convert_string_talloc_handle() tries to play on the safe side and always returns a null terminated array.

  But for NDR we need to be correct on the wire...

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* ndrdump: make use of dump_data_file_diff() in order to show differences
  Author: Stefan Metzmacher, Age: 2022-01-24, Files: 1, Lines: -0/+10

  This makes it much easier to detect differences in the given and generated buffers.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
  Author: Stefan Metzmacher, Age: 2022-01-24, Files: 3, Lines: -0/+25

  This is important for the source3/rpc_server code as it might be called embedded in smbd and may not run as root with access to our private tdb/ldb files.

  Note this is only really needed for 4.15 and older, as we no longer run the rpc_server embedded in smbd, but we better be consistent for now.

  This should be able to fix the problem that printing no longer works on Windows 7 with 2021-10 monthly rollup patch (KB5006743).

  Windows uses NTLMSSP with privacy at the DCERPC layer on top of NCACN_NP (smb).

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* netlogon.idl: Add FAST support bits
  Author: Joseph Sutton, Age: 2022-01-19, Files: 1, Lines: -0/+3

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* netlogon.idl: Add flags for indicating directory service versions
  Author: Joseph Sutton, Age: 2021-12-24, Files: 1, Lines: -4/+16

  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dcesrv_core: Remove unused dcesrv_reinit_context()
  Author: Volker Lendecke, Age: 2021-12-10, Files: 2, Lines: -30/+0

  This was only used in the prefork source3 rpc servers

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idl: Define messages sent between samba-dcerpcd and rpcd's
  Author: Volker Lendecke, Age: 2021-12-10, Files: 1, Lines: -0/+4

  MSG_RPC_DUMP_STATUS will be like pool-usage carrying a file descriptor to report status to, the other two are described in rpc_host.idl.

  NOALIGN on rpc_worker_status: This makes it easier to count bytes to push into a static buffer.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dcesrv_core: Add dcesrv_loop_next_packet()
  Author: Volker Lendecke, Age: 2021-12-10, Files: 2, Lines: -0/+27

  This is used by the helpers of samba-dcerpcd: When accepting a DCERPC client, normally the server engine would read the initial bind packet. In case of samba-dcerpcd the bind packet will already be read from the socket, so we need to inject it into the rpc server engine externally.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* backupkey.idl: Don't listen on \\pipe\ntsvcs
  Author: Volker Lendecke, Age: 2021-12-10, Files: 1, Lines: -1/+1

  [MS-BKRP] says it SHOULD listen here. In the ad dc, this conflicts with smbd's srv_ntsvcs_nt.c listening also on nt ntsvcs unix domain socket. Because "samba" starts smbd after itself, smbd takes over the socket anyway, backupkey can't have been reached over this transport.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dcesrv_core: Add dcesrv_context_set_callbacks()
  Author: Volker Lendecke, Age: 2021-12-10, Files: 2, Lines: -0/+23

  We'll need to set custom callbacks on source3's global_dcesrv_ctx, which right now is deeply embedded. Once we have everything more nicely layered, this can go again.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* librpc: Add named_pipe_auth_req_info5->transport
  Author: Volker Lendecke, Age: 2021-12-10, Files: 1, Lines: -0/+1

  This will serve as a check to make sure that in particular a SAMR client is really root. This is for example used in get_user_info_18() handing out a machine password.

  The unix domain sockets for NCACN_NP can only be contacted by root, the "np\" subdirectory for those sockets is root/root 0700.

  Connecting to such a socket is done in two situations: First, local real root processes connecting and smbd on behalf of SMB clients connecting to \\pipe\name, smbd does become_root() there. Via the named_pipe_auth_req_info4 smbd hands over the SMB session information that the RPC server blindly trusts. The session information (i.e. the NT token) is heavily influenced by external sources like the KDC. It is highly unlikely that we get a system token via SMB, but who knows, this is information not fully controlled by smbd.

  This is where this additional field in named_pipe_auth_req_info5 makes a difference: This field is set to NCACN_NP by smbd's code, not directly controlled by the clients. Other clients directly connecting to a socket in "np\" are root anyway (only smbd can do become_root()) and can set this field to NCALRPC.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* named_pipe_auth.idl: Add "need_idle_server"
  Author: Volker Lendecke, Age: 2021-12-10, Files: 1, Lines: -0/+1

  Once RPC services are done by individual processes, we need to avoid recursion between processes:

  Any RPC server process will be able to serve multiple client requests simultaneously, but each request is served in a single-threaded blocking manner.

  For example the netlogon RPC service needs to ask samr for something. The netlogon->samr connection will initially be handled by a central dispatcher assigning clients to processes. This dispatcher needs to know that this connection can't end up in the same process that originated the request.

  With this flag an RPC client can request a samr server process that exclusively serves its own requests and that will not serve anybody else while serving netlogon.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* named_pipe_auth: Bump info4 to info5
  Author: Volker Lendecke, Age: 2021-12-10, Files: 1, Lines: -4/+4

  We'll add a field soon

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2021-23192: dcesrv_core: only the first fragment specifies the auth_contexts
  Author: Stefan Metzmacher, Age: 2021-11-09, Files: 4, Lines: -26/+108

  All other fragments blindly inherit it.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
* CVE-2021-23192: dcesrv_core: add dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE
  Author: Stefan Metzmacher, Age: 2021-11-09, Files: 1, Lines: -31/+16

  That makes the callers much simpler and allows better debugging.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
* CVE-2021-23192: dcesrv_core: add better debugging to dcesrv_fault_disconnect()
  Author: Stefan Metzmacher, Age: 2021-11-09, Files: 1, Lines: -5/+24

  It's better to see the location that triggered the fault.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
* CVE-2020-25719 krb5pac.idl: Add PAC_REQUESTER_SID PAC buffer type
  Author: Joseph Sutton, Age: 2021-11-09, Files: 1, Lines: -1/+7

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-25719 krb5pac.idl: Add PAC_ATTRIBUTES_INFO PAC buffer type
  Author: Joseph Sutton, Age: 2021-11-09, Files: 1, Lines: -1/+13

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-25721 krb5pac: Add new buffers for samAccountName and objectSID
  Author: Andrew Bartlett, Age: 2021-11-09, Files: 2, Lines: -4/+18

  These appear when PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID is set.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
* tests/krb5: Check buffer types in PAC with STRICT_CHECKING=1
  Author: Joseph Sutton, Age: 2021-10-14, Files: 1, Lines: -0/+3

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* idl: declare token array of storage_offload_token as in-line
  Author: Ralph Boehme, Age: 2021-10-08, Files: 1, Lines: -1/+1

  This ensures the order of the struct element is the same as in the IDL definition. For a conformant array using the [sizeis(n)] syntax the sizeis member is stored as first element in the marshall buffer.

  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>